New ransomware threat with ties to Russia targets healthcare providers

The Department of Health and Human Services (HHS) has issued another brief about a significant ransomware threat to the healthcare industry. This time, the ransomware group was associated with Russia and managed to breach some major healthcare systems.

Known as Clop, the Russian-linked ransomware group has been responsible for a mass attack on more than 130 organizations, according to HHS. Community Health Systems (CHS), a Tennessee-based health system, is one healthcare organization that was recently impacted by a major cybersecurity attack through its third-party vendor Fortra. Protected health information and HIPAA protected information was exposed, the company said in a filing to the Securities and Exchange Commission (SEC).

For its mass attack, Clop used a zero-day vulnerability in secure file transfer software GoAnywhere MFT. The group took responsibility for the attacks when it informed “Bleeping Computer,” a technology and computer tutorial website, that it had stolen personal information and protected health information over a 10-day period.

“It also stated that it has the ability to encrypt affected healthcare systems by deploying ransomware payloads,” according to HHS.

However, the group did not provide proof it was behind the attacks. Analysis of the group’s actions found it may be written to target Windows systems, though the threat actor has another version using the same encryption method and similar process logic. Despite flaws that make it possible to decrypt locked files without paying a ransom, “Clop could employ this new ransomware campaign to target additional industries, including healthcare,” HHS said.

The group has been active since early 2019 and has “characteristic ransomware as a service (RaaS) TTP [that] makes it one of the most successful ransomware groups in the past few years,” according to HHS. Clop is one of several recent cybercriminal groups that have recently targeted the healthcare industry. Healthcare’s huge swath of personal health and protected information makes the industry a huge target for criminals aiming to steal the sensitive data and hold it for ransom.

“Healthcare is particularly vulnerable to cyberattacks, owing to their high propensity to pay a ransom, the value of patient records, and often inadequate security,” HHS said. “In 2022, 24 hospitals and multihospital healthcare systems were attacked, and more than 289 hospitals were potentially impacted by ransomware attacks.”

Unlike other ransomware groups, however, Clop almost exclusively targets the healthcare industry, HHS found. The majority––77%––of its attacks in 2021 targeted healthcare infrastructure. Clop likely suffered a major “setback” after six individuals associated with the group were arrested in Ukraine in June 2021, but the  “prolific” group is still a serious threat.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”